Dnsmasq is a lightweight and easy to configure DNS forwarder and DHCP server.

Core Security Technologies discovered a heap overflow flaw in dnsmasq when the TFTP service is enabled (the "--enable-tftp" command line option, or by enabling "enable-tftp" in "/etc/dnsmasq.conf"). If the configured tftp-root is sufficiently long, and a remote user sends a request that sends a long file name, dnsmasq could crash or, possibly, execute arbitrary code with the privileges of the dnsmasq service (usually the unprivileged "nobody" user). (CVE-2009-2957)

A NULL pointer dereference flaw was discovered in dnsmasq when the TFTP service is enabled. This flaw could allow a malicious TFTP client to crash the dnsmasq service. (CVE-2009-2958)

Note: The default tftp-root is "/var/ftpd", which is short enough to make it difficult to exploit the CVE-2009-2957 issue; if a longer directory name is used, arbitrary code execution may be possible. As well, the dnsmasq package distributed by Red Hat does not have TFTP support enabled by default.
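The two conditions named above (TFTP enabled, and a tftp-root longer than the default) can be checked in a configuration file before the update is scheduled. The following is an added example, not part of the advisory or of dnsmasq: the function name and sample configurations are constructed, and comparing the length against the default "/var/ftpd" is an assumed heuristic because the advisory gives no exact threshold. It does not follow conf-file/conf-dir includes or inspect the "--enable-tftp" command line option.

```python
DEFAULT_TFTP_ROOT = "/var/ftpd"  # default tftp-root as stated in the advisory


def audit_dnsmasq_conf(text):
    """Report the TFTP settings in one dnsmasq config text that the advisory ties to exposure."""
    tftp_enabled = False
    tftp_root = DEFAULT_TFTP_ROOT
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "enable-tftp":  # bare, or "enable-tftp=<interface>"
            tftp_enabled = True
        elif key == "tftp-root" and value:
            # dnsmasq accepts "tftp-root=<dir>[,<interface>]"; keep only the directory
            tftp_root = value.split(",", 1)[0].strip()
    # Assumed heuristic: the advisory only says the default is "short enough",
    # so any root longer than the default is flagged for priority patching.
    long_root = len(tftp_root) > len(DEFAULT_TFTP_ROOT)
    return {
        "tftp_enabled": tftp_enabled,
        "tftp_root": tftp_root,
        "root_length": len(tftp_root),
        "needs_priority_patch": tftp_enabled and long_root,
        "applicable_cves": ["CVE-2009-2957", "CVE-2009-2958"] if tftp_enabled else [],
    }


# Constructed sample configurations (not taken from any real host).
SAMPLE_DISABLED = "# enable-tftp\ndomain-needed\n"
SAMPLE_SHORT_ROOT = "enable-tftp\n"
SAMPLE_LONG_ROOT = (
    "enable-tftp\n"
    "tftp-root=/srv/netboot/images/production/pxelinux  # PXE boot files\n"
)

if __name__ == "__main__":
    for name, conf in [("disabled", SAMPLE_DISABLED),
                       ("short root", SAMPLE_SHORT_ROOT),
                       ("long root", SAMPLE_LONG_ROOT)]:
        print(name, audit_dnsmasq_conf(conf))
```

A host where "tftp_enabled" is false in the file may still have TFTP enabled on the command line, so check the service's start-up arguments as well.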

All users of dnsmasq should upgrade to this updated package, which contains a backported patch to correct these issues. After installing the updated package, the dnsmasq service must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259